Default automation stitches

The following default automation stitches are included in FortiOS:

• Compromised Host Quarantine
• Incoming Webhook Quarantine
• HA Failover
• Network Down
• Reboot
• FortiAnalyzer Connection Down
• License Expired Notification
• Security Rating Notification

To view and edit the automation stitches in the GUI, go to Security Fabric > Automation.

CLI configurations

Compromised Host Quarantine

config system automation-action
    edit "Quarantine on FortiSwitch + FortiAP"
        set description "Default automation action configuration for quarantining a MAC address on FortiSwitches and FortiAPs."
        set action-type quarantine
    next
    edit "Quarantine FortiClient EMS Endpoint"
        set description "Default automation action configuration for quarantining a FortiClient EMS endpoint device."
        set action-type quarantine-forticlient
    next
end

config system automation-trigger
    edit "Compromised Host - High"
        set description "Default automation trigger configuration for when a high severity compromised host is detected."
    next
end

config system automation-stitch
    edit "Compromised Host Quarantine"
        set description "Default automation stitch to quarantine a high severity compromised host on FortiAPs, FortiSwitches, and FortiClient EMS."
        set status disable
        set trigger "Compromised Host - High"
        config actions
            edit 1
                set action "Quarantine on FortiSwitch + FortiAP"